Thanks Robyn,
My config
Internet - Untangle -- Switch and plug on the switch Vyatta Router, the
network 192.168.2.0, and the DHCP Server
Schema:
X --------- Vyatta --
Network 192.168.10.0
Internet --- Untangle Gateway --- Switch
X---------- Network
192.168.2.0 + DHCP Server
My config on vyatta
protocols {
snmp {
community public {
client 192.168.2.5
client 192.168.2.99
}
trap-target 192.168.1.1
trap-target 192.168.10.1
contact: "Network Administrator"
location: "XXXXX"
}
static {
}
}
policy {
}
interfaces {
loopback lo {
address 10.0.0.65 {
prefix-length: 32
}
}
ethernet eth0 {
description: "My Sub Net 10"
hw-id: 00:03:47:06:39:9e
address 192.168.10.1 {
prefix-length: 24
}
}
ethernet eth1 {
disable: true
description: "Not Working"
hw-id: 00:06:5b:a5:29:10
}
ethernet eth2 {
description: "Interface Out"
hw-id: 00:0e:2e:98:18:80
address 192.168.2.10 {
prefix-length: 24
}
}
}
service {
dhcp-relay {
interface eth0
interface eth2
server 192.168.2.2
relay-options {
}
}
nat {
rule 1 {
type: "masquerade"
outbound-interface: "eth2"
}
rule 2 {
type: "masquerade"
inbound-interface: "eth2"
outbound-interface: "eth0"
protocols: "all"
source {
network: "192.168.2.0/24"
}
destination {
network: "192.168.10.0/24"
}
}
}
ssh {
}
webgui {
}
}
firewall {
}
}
system {
host-name: "XXXXX"
domain-name: "XXXX.ac.id"
domain-search {
domain "XXXXX.ac.id"
}
name-server 192.168.2.2
time-zone: "GMT+7"
ntp-server "69.59.150.135"
gateway-address: 192.168.2.1
login {
user root {
authentication {
encrypted-password: ""
}
}
user vyatta {
authentication {
encrypted-password: ""
}
}
user networkadmin {
full-name: "Network Administrator"
authentication {
encrypted-password: ""
plaintext-password: ""
}
}
}
package {
repository community {
component: "main"
url: "http://archive.vyatta.com/vyatta";
}
}
options {
}
}
The capture from a PC in the network 192.168.2.0
tshark -i eth2 port 67 and port 68 -Vn
Frame 5 (342 bytes on wire, 342 bytes captured)
Arrival Time: Dec 6, 2007 09:00:22.590416000
[Time delta from previous packet: 0.018551000 seconds]
[Time since reference or first frame: 0.019484000 seconds]
Frame Number: 5
Packet Length: 342 bytes
Capture Length: 342 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:bootp]
Ethernet II, Src: MacRouterEth2 (MacRouterEth2), Dst: XXXX
(XXX)
Destination: XXXX (XXXXX)
Address: XXXX (XXXXX)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: MAC (MacRouterEth2)
Address: MacRouterEth2 (0MacRouterEth2)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.2.10 (192.168.2.10), Dst: 192.168.2.196 (
192.168 .2.196)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 328
Identification: 0x0000 (0)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 16
Protocol: UDP (0x11)
Header checksum: 0x2377 [correct]
[Good: True]
[Bad : False]
Source: 192.168.2.10 (192.168.2.10)
Destination: 192.168.2.196 (192.168.2.196)
User Datagram Protocol, Src Port: 67 (67), Dst Port: 68 (68)
Source port: 67 (67)
Destination port: 68 (68)
Length: 308
Checksum: 0x9f16 [correct]
Bootstrap Protocol
Message type: Boot Reply (2)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x3c080bf9
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 192.168.2.196 (192.168.2.196)
Next server IP address: 192.168.2.2 (192.168.2.2)
Relay agent IP address: 192.168.2.10 (192.168.2.10)
Client MAC address: XXXXX (XXXX)
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Offer
Option: (53) DHCP Message Type
Length: 1
Value: 02
Option: (t=1,l=4) Subnet Mask = 255.255.255.0
Option: (1) Subnet Mask
Length: 4
Value: FFFFFF00
Option: (t=58,l=4) Renewal Time Value = 4 days
Option: (58) Renewal Time Value
Length: 4
Value: 00054600
Option: (t=59,l=4) Rebinding Time Value = 7 days
Option: (59) Rebinding Time Value
Length: 4
Value: 00093A80
Option: (t=51,l=4) IP Address Lease Time = 8 days
Option: (51) IP Address Lease Time
Length: 4
Value: 000A8C00
Option: (t=54,l=4) Server Identifier = 192.168.2.2
Option: (54) Server Identifier
Length: 4
Value: C0A80202
Option: (t=3,l=4) Router = 192.168.2.1
Option: (3) Router
Length: 4
Value: C0A80201
Option: (t=6,l=4) Domain Name Server = 192.168.2.2
Option: (6) Domain Name Server
Length: 4
Value: C0A80202
Option: (t=44,l=4) NetBIOS over TCP/IP Name Server = 192.168.2.2
Option: (44) NetBIOS over TCP/IP Name Server
Length: 4
Value: C0A80202
Option: (t=46,l=1) NetBIOS over TCP/IP Node Type = H-node
Option: (46) NetBIOS over TCP/IP Node Type
Length: 1
Value: 08
End Option
Padding
But I have no Frame message if I request a new ip from the network eth0
Thanks for your help
Damien
On Dec 6, 2007 10:41 PM, Robyn Orosz <[EMAIL PROTECTED]> wrote:
> Hi Damien,
>
> This should work as long as requests are coming in from hosts that are
> connected to eth0. Is there more than one network assigned to eth0? It
> would help if you could post your configuration (you can block out any
> public IPs).
>
> If you run a verbose packet capture, you should be able to see what the
> relay agent IP is in the request packet. If it's something other than
> 192.168.10.x or 192.168.2.x (your 2 scopes), the Windows server is not
> going to serve an address to it.
>
> Try running:
>
> tshark -i eth2 port 67 and port 68 -Vn
>
> Thanks,
>
> Robyn
>
> Dams wrote:
> > Thanks for your reply.
> >
> > Sorry, my mistake : not eth1 but eth0. (192.168.10.X)
> >
> > Eth2 -> network with the DHCP Server on network 192.168.2.XXx
> >
> > The DHCP serve the scope (192.168.2.0 <http://192.168.2.0>) as well :
> > here no problem the pc got their IP (see the log, after)
> >
> > and I would like that the DHCP server serve the scope 192.168.10.XX as
> > well on the interfaces eth0
> >
> > So on my windows server, I have a superScope with 2 scope (
> > 192.168.2.0 <http://192.168.2.0> and 192.168.10.0 <http://192.168.10.0>)
> >
> >
> > styohanes:~# tcpdump -n port 67 -i eth2
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol
> > decode
> > listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
> >
> > 07:45:14.790263 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP,
> > Request from XXX, length 300
> > 07:45:31.788526 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP,
> > Request from XXX, length 300
> > 07:46:32.337900 IP 192.168.2.154.68 > 255.255.255.255.67: BOOTP/DHCP,
> > Request from XXX333, length 300
> > 07:47:15.884938 IP 0.0.0.0.68 > 255.255.255.255.67 : BOOTP/DHCP,
> > Request from XXX222, length 300
> > 07:47:15.885338 IP 192.168.2.2.67 > 255.255.255.255.68: BOOTP/DHCP,
> > Reply, length 300
> > 07:47:28.896045 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,
> > Request from XXX222, length 300
> > 07:47:28.896468 IP 192.168.2.2.67 > 255.255.255.255.68: BOOTP/DHCP,
> > Reply, length 300
> > 07:50:50.781445 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP,
> > Request from XXX, length 300
> > 07:50:53.777544 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP,
> > Request from XXX, length 300
> >
> > So, the request is going to the DHCP server, but no reply from him.....
> > But it work fine for the mac XXX222 which is in the network
> > 192.168.2.0 <http://192.168.2.0>
> >
> > I think the problem is from my DCHP Server,
> > How can you define a scope to reply to a router
> > - link the Scope 192.168.10.0 <http://192.168.10.0> to the router
> > 192.168.10.1 <http://192.168.10.1> ?
> >
> >
> > Thanks for your help.
> >
> > only 6 hours on a DHCP problem, :-/
> >
> >
> >
> > merci
> > Damien
> >
> >
> > On Dec 6, 2007 9:40 PM, Robyn Orosz < [EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]>> wrote:
> >
> > Hi Damien,
> >
> > What interface is the network connected to that you wish to serve
> > DHCP
> > addresses? You mention eth1 in your post, but I only see eth0 and
> > eth2
> > configured for dhcp-relay. If you want to serve hosts behind
> > eth1, you
> > need to add eth1 to the dhcp-relay configuration.
> >
> > To make this more clear, if your win 2k3 server is configured with a
> > DHCP scope for network 192.168.10.x, it will only serve requests
> made
> > from the interface configured with 192.168.10.x. The dhcp-relay
> adds
> > the IP address of the interface that requests are seen on into the
> > BOOTP
> > request packets so the DHCP server knows which scope to serve
> > addresses
> > to.
> >
> > Thank you,
> >
> > Robyn
> >
> > Troopy . wrote:
> > > Hello,
> > >
> > > Did you check the routing? i mean the DHCP server must be able to
> > > reach the client at the IP layer.
> > >
> > > I remember i forgot this when i wrote the DHCP openmaniak
> tutorial.
> > > (See the case study, i forgot "set protocols static route
> > 0.0.0.0/0 <http://0.0.0.0/0> next-hop 10.0.2.2 <http://10.0.2.2>")
> > >
> > >
> > > Bonne chance
> > > Troopy
> > >
> > > ---------- Original Message ----------------------------------
> > > From: Dams < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
> > > Date: Thu, 6 Dec 2007 18:01:08 +0700
> > >
> > >
> > >> Hello,
> > >>
> > >>
> > >> I have a problem with the DHCP-relay
> > >>
> > >> Config:
> > >> dhcp-relay {
> > >> interface eth0
> > >> interface eth2
> > >> server 192.168.2.2 <http://192.168.2.2>
> > >> relay-options {
> > >> }
> > >>
> > >>
> > >> Eth0 conect to my DHCP server (win 2k3 Server) : 192.168.2.2
> > <http://192.168.2.2>
> > >> and Eth1 to a subnet : 192.168.10.X
> > >>
> > >> But the dhcp relay doesn't work
> > >> XXXXX:~# tcpdump -n port 67
> > >> tcpdump: verbose output suppressed, use -v or -vv for full
> > protocol decode
> > >> listening on eth0, link-type EN10MB (Ethernet), capture size 96
> > bytes
> > >> 17:50:29.636059 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,
> > Request from
> > >> XXXXX, length 300
> > >> 17:50:33.376048 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,
> > Request from
> > >> XXXXX, length 300
> > >> 17:50:38.370026 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,
> > Request from
> > >> XXXXX, length 300
> > >> 17:50:47.370767 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,
> > Request from
> > >> XXXXX, length 300
> > >> 17:51:03.369141 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,
> > Request from
> > >> XXXXX, length 300
> > >>
> > >>
> > >> But If I add the MAC on static in my DHCP Server, it work fine.
> > >>
> > >> XXX:~# tcpdump -n port 67
> > >> tcpdump: verbose output suppressed, use -v or -vv for full
> > protocol decode
> > >> listening on eth0, link-type EN10MB (Ethernet), capture size 96
> > bytes
> > >> 17:11:28.052775 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,
> > Request from
> > >> XXXXX, length 300
> > >> 17:11:28.053871 IP 192.168.10.1.67 > 255.255.255.255.68:
> > BOOTP/DHCP, Reply,
> > >> length 318
> > >> 17:11:28.055461 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,
> > Request from
> > >> XXXXX, length 302
> > >> 17:11:28.056391 IP 192.168.10.1.67 > 255.255.255.255.68:
> > BOOTP/DHCP, Reply,
> > >> length 318
> > >>
> > >>
> > >> What did I miss ?
> > >>
> > >>
> > >> I follow the HowTo
> > >> http://www.openmaniak.com/vyatta_case_dhcp.php#dhcp-process
> > <http://www.openmaniak.com/vyatta_case_dhcp.php#dhcp-process> which
> is
> > >> brilliant, thanks.
> > >> The only differents is that my DHCP is not on the router, but
> > on another PC.
> > >>
> > >> Do I need to add a route to define the DHCP Server?
> > >> Do i need to add a data on the server to ask him to take the
> > request form
> > >> the Vyatta Router ?
> > >>
> > >>
> > >> Thanks for your help
> > >> --
> > >> Cordialement / Sincerely
> > >> Damien
> > >> MEP Volunteer Indonesia / Volontaire MEP Indonesia
> > >> http://www.mepasie.org
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > >
> > > ______________________________________________________
> > > Désirez vous une adresse éléctronique @suisse.com
> > <http://suisse.com>?
> > > Visitez la Suisse virtuelle sur http://www.suisse.com
> > >
> > > _______________________________________________
> > > Vyatta-users mailing list
> > > Vyatta-users@mailman.vyatta.com
> > <mailto:Vyatta-users@mailman.vyatta.com>
> > > http://mailman.vyatta.com/mailman/listinfo/vyatta-users
> > >
> >
> >
> >
> >
> > --
> > Cordialement / Sincerely
> > Damien HERITIER
> > MEP Volunteer Indonesia / Volontaire MEP Indonesia
> > http://www.mepasie.org
>
--
Cordialement / Sincerely
Damien HERITIER
MEP Volunteer Indonesia / Volontaire MEP Indonesia
http://www.mepasie.org
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
